
SSO hash question

Pete Butcher
The Scope
Gallente Federation
#1 - 2014-10-07 04:47:04 UTC
According to https://developers.testeveonline.com/resource/single-sign-on the CharacterOwnerHash is unique. That's good, but does it guarantee uniqueness with respect to historic data? In other words, is it possible for it to have a collision with some previous player account + character combination?

http://evernus.com - the ultimate multiplatform EVE trade tool + nullsec Alliance Market tool

Sable Blitzmann
24th Imperial Crusade
Amarr Empire
#2 - 2014-10-07 05:16:50 UTC
Pete Butcher wrote:
According to https://developers.testeveonline.com/resource/single-sign-on the CharacterOwnerHash is unique. That's good, but does it guarantee uniqueness with respect to historic data? In other words, is it possible for it to have a collision with some previous player account + character combination?


Pretty sure unique means... you know... unique.

It is probably a hash of your character and account, and since no two combos will ever be the same... yes, it's unique.
Pete Butcher
The Scope
Gallente Federation
#3 - 2014-10-07 06:44:26 UTC  |  Edited by: Pete Butcher
Sable Blitzmann wrote:
Pete Butcher wrote:
According to https://developers.testeveonline.com/resource/single-sign-on the CharacterOwnerHash is unique. That's good, but does it guarantee uniqueness with respect to historic data? In other words, is it possible for it to have a collision with some previous player account + character combination?


Pretty sure unique means... you know... unique.

It is probably a hash of your character and account, and since no two combos will ever be the same... yes, it's unique.


That's what I also think, but it's better to be sure before integrating it into an application. It all depends on their :secret: algorithm to compute this stuff.


Sable Blitzmann
24th Imperial Crusade
Amarr Empire
#4 - 2014-10-07 17:18:28 UTC
Pete Butcher wrote:
Sable Blitzmann wrote:
Pete Butcher wrote:
According to https://developers.testeveonline.com/resource/single-sign-on the CharacterOwnerHash is unique. That's good, but does it guarantee uniqueness with respect to historic data? In other words, is it possible for it to have a collision with some previous player account + character combination?


Pretty sure unique means... you know... unique.

It is probably a hash of your character and account, and since no two combos will ever be the same... yes, it's unique.


That's what I also think, but it's better to be sure before integrating it into an application. It all depends on their :secret: algorithm to compute this stuff.


Well, I mean, that's the purpose of a hash, isn't it? Can there be two different inputs that lead to the same output? I assume it's possible (I'm not a cryptographer), but the likelihood of that happening is probably in the millions / billions, depending on the hash function, number of bits, salt, and other inputs they use. Couple that with the fact that EVE doesn't have millions of inputs to begin with (there are fewer than 400K subscribers IIRC), I think it's safe to assume that it is indeed unique.
Pete Butcher
The Scope
Gallente Federation
#5 - 2014-10-07 17:38:44 UTC
Sable Blitzmann wrote:
Pete Butcher wrote:
Sable Blitzmann wrote:
Pete Butcher wrote:
According to https://developers.testeveonline.com/resource/single-sign-on the CharacterOwnerHash is unique. That's good, but does it guarantee uniqueness with respect to historic data? In other words, is it possible for it to have a collision with some previous player account + character combination?


Pretty sure unique means... you know... unique.

It is probably a hash of your character and account, and since no two combos will ever be the same... yes, it's unique.


That's what I also think, but it's better to be sure before integrating it into an application. It all depends on their :secret: algorithm to compute this stuff.


Well, I mean, that's the purpose of a hash, isn't it? Can there be two different inputs that lead to the same output? I assume it's possible (I'm not a cryptographer), but the likelihood of that happening is probably in the millions / billions, depending on the hash function, number of bits, salt, and other inputs they use. Couple that with the fact that EVE doesn't have millions of inputs to begin with (there are fewer than 400K subscribers IIRC), I think it's safe to assume that it is indeed unique.


Well, the first thing every programmer should learn about any hash function is that it's NOT unique and never EVER should anyone depend on that. Having said that, I doubt it's a hash in a cryptographic sense. It's probably some concatenated data with base64 encoding. But none of us know that for sure, hence the question.


Sable Blitzmann
24th Imperial Crusade
Amarr Empire
#6 - 2014-10-07 19:31:57 UTC
Pete Butcher wrote:
...things...
Well, the first thing every programmer should learn about any hash function is that it's NOT unique and never EVER should anyone depend on that. Having said that, I doubt it's a hash in a cryptographic sense. It's probably some concatenated data with base64 encoding. But none of us know that for sure, hence the question.


Admittedly I'm a bit rusty when it comes to hashes. Brushed up on it a bit. It is possible to use a hash function in a way that does not exhibit collisions (same output for two different inputs). It all depends on which one they use and how it's used. Even if collision is possible, it is extremely unlikely. Couple this with the aforementioned fact that they already start with a (relatively) low number of inputs (presumably character+account+salt), and it's nearly guaranteed that the resulting value is unique.

Also, it has to be some sort of cryptographic hash algorithm and not just an encoded value, otherwise there would be the possibility of decoding the value (which CCP has stated will not be possible). So it's a one way street with it, hence, hash.

All in all, I don't think you would have to worry about uniqueness in an application. If they weren't unique, then there would be no point to it. I would be interested to know how CCP actually calculated the value, but I doubt they would provide that info. =(
Pete Butcher
The Scope
Gallente Federation
#7 - 2014-10-07 20:43:48 UTC
Sable Blitzmann wrote:
Pete Butcher wrote:
...things...
Well, the first thing every programmer should learn about any hash function is that it's NOT unique and never EVER should anyone depend on that. Having said that, I doubt it's a hash in a cryptographic sense. It's probably some concatenated data with base64 encoding. But none of us know that for sure, hence the question.


Admittedly I'm a bit rusty when it comes to hashes. Brushed up on it a bit. It is possible to use a hash function in a way that does not exhibit collisions (same output for two different inputs). It all depends on which one they use and how it's used. Even if collision is possible, it is extremely unlikely. Couple this with the aforementioned fact that they already start with a (relatively) low number of inputs (presumably character+account+salt), and it's nearly guaranteed that the resulting value is unique.

Also, it has to be some sort of cryptographic hash algorithm and not just an encoded value, otherwise there would be the possibility of decoding the value (which CCP has stated will not be possible). So it's a one way street with it, hence, hash.

All in all, I don't think you would have to worry about uniqueness in an application. If they weren't unique, then there would be no point to it. I would be interested to know how CCP actually calculated the value, but I doubt they would provide that info. =(


If they can confirm the algorithm is "good enough" to uniquely identify account + character combination, regardless of passing time, I'm happy with that. Any dev can confirm/deny that?


Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#8 - 2014-10-07 21:04:01 UTC  |  Edited by: Steve Ronuken
It's impossible, when you have data that is longer than the hash created, to not have collisions. If it were, you would have the ultimate compression algorithm, which can compress an infinite quantity of data to the length of the hash.

There is always a chance of a collision. However, the likelihood of a collision occurring, when a character changes hands, is minimal. To the point I'd discount it as a possibility.

The whole point of it is to change when a character changes hands. That's why we asked for it, during the trial phase.

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter

Pete Butcher
The Scope
Gallente Federation
#9 - 2014-10-07 21:23:21 UTC  |  Edited by: Pete Butcher
Steve Ronuken wrote:
It's impossible, when you have data that is longer than the hash created, to not have collisions. If it were, you would have the ultimate compression algorithm, which can compress an infinite quantity of data to the length of the hash.

There is always a chance of a collision. However, the likelihood of a collision occurring, when a character changes hands, is minimal. To the point I'd discount it as a possibility.

The whole point of it is to change when a character changes hands. That's why we asked for it, during the trial phase.


Ah, so the hash has fixed length (didn't find any info on that). Well, that pretty much answers the question. OK, I'll assume it's good enough as a unique identifier.


Kali Izia
GoomWaffe
#10 - 2014-10-07 22:50:02 UTC
The hash is a base64 representation of a binary sha1 hash. Collisions are technically possible in sha1 but they're not likely going to happen naturally for this usage.
Pete Butcher
The Scope
Gallente Federation
#11 - 2014-10-08 04:55:22 UTC
Kali Izia wrote:
The hash is a base64 representation of a binary sha1 hash. Collisions are technically possible in sha1 but they're not likely going to happen naturally for this usage.


Thanks. They could have written it's a sha1 in the first place.

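An added example, not posted by anyone in the thread and not CCP's code: it takes the thread's statements that the value is base64 of a binary SHA-1 digest and that it changes when a character changes hands, validates that shape, puts a number on the accidental-collision chance via the birthday approximation, and stores the digest per character so a change can be detected. The `character_id` key, the `store` dict and `sample_hash` (with its constructed seeds) are assumptions for illustration; the real hash input is not public.

```python
import base64
import binascii
import hashlib
import math

SHA1_BYTES = 20  # per the thread: base64 of a binary SHA-1 digest


def decode_owner_hash(value: str) -> bytes:
    """Return the raw digest, or raise ValueError if the shape is wrong."""
    try:
        raw = base64.b64decode(value, validate=True)
    except binascii.Error as exc:
        raise ValueError("not valid base64") from exc
    if len(raw) != SHA1_BYTES:
        raise ValueError(f"expected {SHA1_BYTES} bytes, got {len(raw)}")
    return raw


def collision_probability(n: int, bits: int = 160) -> float:
    """Birthday approximation: chance that any two of n random digests match."""
    return -math.expm1(-n * (n - 1) / 2 ** (bits + 1))


def check_login(store: dict, character_id: int, owner_hash: str) -> str:
    """Key on the character (assumed ID) and compare digests to spot a transfer."""
    digest = decode_owner_hash(owner_hash)
    previous = store.get(character_id)
    store[character_id] = digest
    if previous is None:
        return "new"
    return "same_owner" if previous == digest else "owner_changed"


def sample_hash(seed: bytes) -> str:
    # Constructed stand-in value; CCP's real hash input is not public.
    return base64.b64encode(hashlib.sha1(seed).digest()).decode()
```

Keying the stored digest on the character means an application only ever compares a hash against the same character's earlier hash, so a chance match between two unrelated characters cannot merge their records.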